PT-2014-4624 · Ruby · Arabic Prawn

Larry W. Cashdollar

Published 2014-05-02 · Updated 2017-10-24

CVE-2014-2322

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the vulnerable software and affected versions: Arabic Prawn gem version 0.0.1
Description: The issue allows remote attackers to execute arbitrary commands via shell metacharacters in the downloaded_file or url variable. The flaw is in the lib/string_utf_support.rb file of the Arabic Prawn gem for Ruby, where these values reach a shell command.
Recommendations: For Arabic Prawn gem version 0.0.1, consider disabling the use of the downloaded_file and url variables until a patch is available, to prevent the execution of arbitrary commands. Avoid using the downloaded_file and url variables in sensitive operations to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
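The following Ruby is an added illustration, not the gem's own code (the advisory does not reproduce it): it contrasts the pattern the advisory describes, a URL interpolated into a shell command string, with a hardened version that validates the input and passes it as a discrete argv element so no shell parses it. The helper names, the regex, and the curl invocation are assumptions for the example.

```ruby
require "uri"
require "open3"

# Injection-prone pattern (assumed, for illustration): the caller-controlled
# url is spliced into a command string, so a shell would parse any ';', '|',
# backticks or '$()' inside it as additional commands. Never executed here.
def unsafe_command(url)
  "curl -o downloaded_file #{url}"
end

# Characters that a POSIX shell would interpret; anything matching is refused.
SHELL_METACHARS = /[;&|`$(){}<>\\'"\s]/.freeze

# Accept only absolute http(s) URLs with a host and no shell metacharacters.
def safe_url?(url)
  uri = URI.parse(url)
  %w[http https].include?(uri.scheme) && !uri.host.nil? && !url.match?(SHELL_METACHARS)
rescue URI::InvalidURIError
  false
end

# Hardened form: validate first, then build an argv array. Passing an array
# to system/Open3 bypasses the shell entirely, so the value is one argument.
def safe_command(url)
  raise ArgumentError, "rejected url: #{url.inspect}" unless safe_url?(url)
  ["curl", "-o", "downloaded_file", "--", url]
end

# Runs offline with printf in place of curl to show that the argv form
# delivers the value byte-for-byte instead of letting a shell reparse it.
def echo_argv(value)
  out, _status = Open3.capture2("printf", "%s", value)
  out
end
```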


Related identifiers

CVE-2014-2322
GHSA-HGMW-X865-HF9X

Affected products

Arabic Prawn